django-rest-auth icon indicating copy to clipboard operation
django-rest-auth copied to clipboard

Published 20 hours ago verified publisher icon Tivix

"Authentication credentials were not provided." Error occur While access through Postman

Open Navaruban opened this issue 5 years ago • 21 comments

"Authentication credentials were not provided." Error occur While access API through Postman capture4

following code is used in Django setting.py file

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication', # for browsable api view usage 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), }

Please recommend a solution for this issue??

Navaruban avatar Jan 17 '19 04:01 Navaruban

Did you actually provide the authentication details?

Can you use some command line tool like HTTPie and provide the output from your request? ( Don't forget to obfuscate any sensitive data)

s-sebastian avatar Jan 17 '19 15:01 s-sebastian

Hi! The web interface works great however I can not connect using cURL:

Using: REST framework JWT Auth settings: REST_USE_JWT = True

Here trying to log in with cURL $ curl -X POST -d "{"username":"shovel", "email":"[email protected]", "password":"123"}" http://localhost:8000/rest-auth/login/ -v Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying 127.0.0.1...
  • TCP_NODELAY set
  • Connected to localhost (127.0.0.1) port 8000 (#0)

POST /rest-auth/login/ HTTP/1.1 Host: localhost:8000 User-Agent: curl/7.63.0 Accept: / Content-Length: 71 Content-Type: application/x-www-form-urlencoded

  • upload completely sent off: 71 out of 71 bytes < HTTP/1.1 400 Bad Request < Date: Thu, 14 Feb 2019 03:10:41 GMT < Server: WSGIServer/0.2 CPython/3.7.2 < Content-Type: application/json < Vary: Accept, Cookie < Allow: POST, OPTIONS < X-Frame-Options: SAMEORIGIN < Content-Length: 40 <
  • Connection #0 to host localhost left intact {"password":["This field is required."]} <---- does not see the password

I tried formatting the data like this also: -d '{"username":"shovel", "email":"[email protected]", "password":"123"}' Got the same result.

Then i tried copying and pasting the returned JWT from the web interface to view the restricted page:

~$ curl -H "Authorization: JWTeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NzM5NCwiZW1haWwiOiIifQ.FILWdmNJchAwXh3SVdXSKu16YdrgkulaaXtqfsAygSg" -H "Content-Type: application/json" -X GET http://localhost:8000/api_jwt/see-stuff/ -v Note: Unnecessary use of -X or --request, GET is already inferred.

  • Trying 127.0.0.1...
  • TCP_NODELAY set
  • Connected to localhost (127.0.0.1) port 8000 (#0)

GET /api_jwt/see-stuff/ HTTP/1.1 Host: localhost:8000 User-Agent: curl/7.63.0 Accept: / Authorization: JWTeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJJWT: yLCJ1c2VybmFtZSI6InNob3ZlbCIsImV4cCI6MTU1MDExMzM5NCwiZW1haWwiOiIifQ.FILWdmNJchAwXh3SVdXSKu16YdrgkulaaXtqfsAygSg Content-Type: application/json

< HTTP/1.1 403 Forbidden < Date: Thu, 14 Feb 2019 03:19:56 GMT < Server: WSGIServer/0.2 CPython/3.7.2 < Content-Type: application/json < Vary: Accept, Cookie < Allow: GET, HEAD, OPTIONS < X-Frame-Options: SAMEORIGIN < Content-Length: 58 <

  • Connection #0 to host localhost left intact {"detail":"Authentication credentials were not provided."} <--- same thing

hammerdirt avatar Feb 14 '19 03:02 hammerdirt

In the web console, there is a csrf token and session id in the request header.

Maybe I misunderstood, but I thought that JWT was used instead? We want to go from machine to machine with no web interface. is that possible?

hammerdirt avatar Feb 14 '19 03:02 hammerdirt

Did You provide the Token parameter in the header?

brunobarretofreitas avatar Apr 29 '19 15:04 brunobarretofreitas

I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT in Values. Notes:

  1. you MUST HAVE an space after JWT keyword.
  2. Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 'rest_framework.authentication.SessionAuthentication', # 'rest_framework.authentication.BasicAuthentication', ),

nandojve avatar Jul 07 '19 17:07 nandojve

You need to authenticate with Token (In your case).

Try this

curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'

And read more in the doc

dheerajpai avatar Nov 07 '19 06:11 dheerajpai

https://www.django-rest-framework.org/api-guide/authentication/

has all details about Authentication and this issue must be closed

dheerajpai avatar Nov 07 '19 06:11 dheerajpai

Everything was working fine in Local Server, but on production Server I had to make changes in Apache.

vasantp20 avatar Nov 19 '19 19:11 vasantp20

@vasantp20 what were the change you made in apache? please describe

syedmudaseer avatar Nov 25 '19 19:11 syedmudaseer

After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work

SIMPLE_JWT = {

'AUTH_HEADER_TYPES': ('JWT',),

}

delegate-it avatar Feb 18 '20 11:02 delegate-it

Since it is session Login so you need to provide you credentials so do /admin and login later it will work fine

Aishwarya19966 avatar Mar 12 '20 04:03 Aishwarya19966

@syedmudaseer and anybody else stumbling on this later on, you need to enable WSGIPassAuthorization in the apache config:

WSGIPassAuthorization On

ge0rg avatar Mar 25 '20 10:03 ge0rg

The proper way to attach a token on postman for simple TokenAuthentication is by going to the Headers tab and adding an "Authorization" key with a value "Token " (without quotes).

As pointed to by @dheerajpai in the link: https://www.django-rest-framework.org/api-guide/authentication/

I am just restating it here for clarity.

lanexbuzz02 avatar May 04 '20 01:05 lanexbuzz02

For postman this is what you need image

kalimist123 avatar Sep 19 '20 09:09 kalimist123

I was facing the same issue. then went to the admin panel(http://127.0.0.1:8000/admin/) and logged in using superuser credentials. worked for me. Maybe, in my case, you can not access user data without authentication.

ikramulhaq-arbisoft avatar Oct 09 '20 10:10 ikramulhaq-arbisoft

Make sure you have WSGIPassAuthorization On on /wsgi.conf

rpavez avatar Jan 29 '21 22:01 rpavez

After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work

SIMPLE_JWT = {

'AUTH_HEADER_TYPES': ('JWT',),

}

This works for me. Can anyone explain why?

theSekyi avatar Mar 22 '21 08:03 theSekyi

I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT in Values. Notes:

  1. you MUST HAVE an space after JWT keyword.
  2. Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    'rest_framework.authentication.SessionAuthentication',

    'rest_framework.authentication.BasicAuthentication',

    ),

Thank you very much @nandojve. Using JWT instead of Bearer worked for me

Acel-01 avatar Dec 24 '21 01:12 Acel-01

Hi! I tried to use oauth2 authentification with google API for my django framework project. But I don't know where to place access token to be authenticated in my service. I get an error - Authentication credentials were not provided. I think my token just not passed and the server doesn't get it.

So I did:

  • created credentials in https://console.developers.google.com/
  • got access token in postman (I set http://127.0.0.1:8000/api/accounts/google/login/callback/ as callback URL, set client ID and client secret, auth_url https://accounts.google.com/o/oauth2/auth and auth_access_token_url https://oauth2.googleapis.com/token)
  • after getting token, it's automatically set into request header as Authorization
  • used endpoint http://127.0.0.1:8000/api/accounts/google/login/?process=login to authenticate
  • I also passed CSRF token
  • I tried to use 'Token how8fr7hqe9fr3iul2fh' in Authorization header

On finish I get 200 code response (it's HTML file of the google authorization page where I was redirected). Actually I should get code 404 and be redirected to http://localhost:8000/

I tracked all redirections in postman and I saw that I redirected to google auth page (where it suggest me some of my existed accounts), I passed my client id in request and that's it... my needed account is not chosen and I redirected to another endpoint and get 200 code.

Well, I hope somebody understands the topic and help me

Evengii avatar Feb 10 '22 18:02 Evengii

"Authentication credentials were not provided." Error occur While access API through Postman capture4

following code is used in Django setting.py file

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication', # for browsable api view usage 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), }

Please recommend a solution for this issue??

**I did have the same issue with token access. In Curl its is working with string with " " not with single ''
I tried with same

curl http://127.0.0.1:8000/api/blog/1/ -H "Authorization: Token c63fe7a5286109841e7d25fbc7f9413e9483897b" Hope it work for you **

Kabhishek18 avatar Jan 02 '23 14:01 Kabhishek18

I am getting the same issue, I've tried everything?! I am unable to log into /admin as a superuser as I have a custom API login but I doubt that should matter. I am getting:

403 Forbidden "detail": "Authentication credentials were not provided."

jbiddulph avatar Mar 13 '24 21:03 jbiddulph